FWIW - you can always take a look at Security Onion - it has a bunch of Snort front-ends you can play with.<br><br>First we had ACID and it went ker-splat, then BASE, which is dying on the vine. Not sure what the next move is, all I know is that I need a functional front-end and for right now that's Snorby.<br>
<br><div class="gmail_quote">On Fri, May 18, 2012 at 1:46 PM, Greg Williams <span dir="ltr">&lt;<a href="mailto:alphawebfx@...11827..." target="_blank">alphawebfx@...11827...</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF"><div>Well said! I 100% agree. Even though I have alerts forwarding via syslog to other destinations like Splunk, there is just something about BASE that trumps everything else. I've tried many other apps as well including Snorby and Sguil.<br>

<br><br></div><div><div class="h5"><div><br>On May 18, 2012, at 11:36 AM, Ron Sinclair &lt;<a href="mailto:unixfool@...11827..." target="_blank">unixfool@...11827...</a>&gt; wrote:<br><br></div><div></div><blockquote type="cite">
<div>I hear such statements all the time. Would be nice if someone took BASE and revamped (but not whole-hog) it.<br>
<br>I've been using BASE for almost 10 years, even after using both Sguil and Snorby. There's something about BASE that Snorby just can't match...just my opinion. I do check Snorby from time to time to assess any new features. Last I checked, it still had a long way to go, so I kept using BASE. Sguil...I don't know, since I never force myself to spend enough time to better utilize it. I usually just get frustrated and wipe it out.<br>

<br>BASE seems less maintenance intensive than either Sguil or Snorby. I don't want to have to learn Ruby/Rails to use Snorby. I didn't really have to understand all that much about PHP to begin using BASE, and I already had a good knowledge of MySQL, Snort, and Apache (and a multitude of other things). I'll be using BASE for another 10 years, or until something else (that isn't Sguil or Snorby) is released. If that doesn't happen, I'll go straight to the raw logs and begin using correlation scripts and tools.<br>

Hi Dennis:<br><br>BASE is getting pretty long in the tooth, does not appear to be actively developed and as PHP advances, is slowly breaking. It is advisable to switch to something like Snorby, Sguil etc.<br><br><div class="gmail_quote">

<div><div>
<div>Hello,</div>
<div>I have configured snort-2.9.2.2 on an opensuse 12.1 box, everything is working great except for the portscan traffic stays at 0% after an NMAP test and when I select source ports link or dest ports link I receive an error. Does anyone know how I can resolve this issue?</div>

<br clear="all"><br>-- <br>Rick Chisholm<br><a href="http://parallel42.ca" target="_blank">http://parallel42.ca</a><br>
<a href="http://appliedusers.ca" target="_blank">http://appliedusers.ca</a><br>=========================<br>"There is no faith which has never yet been broken, except that of a truly faithful dog." - Konrad Lorenz<br>

</div>